ZeroKeyUSB can generate TOTP codes (RFC 6238) fully offline — the same ones you’d see in Google Authenticator, without a phone. This guide covers the usage flow. To add a TOTP secret to a credential, see Importing credentials.
Before you start: the credential must have a TOTP secret loaded (in the 2FA field). If you see 2FA -- on screen, it doesn’t have one. Load the secret from the web manager or over USB-CDC first.

Step 1 — Navigate to the 2FA field

From the credential’s main screen, press Down until you reach the 2FA field. The icon switches from padlock (Pass) to key (2FA). If the credential has a secret loaded, you’ll see 2FA (OK). Otherwise, 2FA --.

[Image: 2FA field selected]

With the 2FA field selected (inverted key icon), press Center (short) to start calculating the code.

Step 2 — Enter the date (first time per session)

The ATECC608A has no RTC. It needs date and time just once per session (between power cycles). The device asks for the date first in DD/MM/YY format.

[Image: Enter date]

| Button | Action |
| --- | --- |
| Up/Down | Increase/decrease the current digit (0–9) |
| Left/Right | Move the cursor between digits (skipping the /) |
| Center | Confirm the date and move to the time |

Set today’s date and press Center.

Step 3 — Enter the time

Same flow, now in HH:MM (24h local time) format.

[Image: Enter time]

Same buttons as the date. When done, press Center to compute the code.
The time can be your exact local time — the device does not apply a timezone. If the service expects UTC and you live elsewhere, adjust manually.

Step 4 — View the TOTP code

After entering date and time, the ATECC608A computes HMAC-SHA1, keyed with the secret, over the time-step counter (epoch/30) and shows the resulting 6 digits. The bottom bar empties as the 30-second window approaches its end.

[Image: TOTP code on screen]

With your cursor on the 2FA input field of your app, short-press Center. The device types the 6 code digits to the host as if from a normal keyboard.
If the countdown reaches 0 before you confirm, the code regenerates automatically — you don’t have to re-enter the time.
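The computation from Step 4 and the timezone caveat from Step 3, as an added example (not ZeroKeyUSB firmware code): it derives the RFC 6238 code from a DD/MM/YY and HH:MM entry and shows how an unadjusted local time moves the counter. It assumes the device treats the entered time as UTC and reads YY as 20YY; `utc_offset_hours` and the function names are hypothetical, and the secret is the RFC 6238 test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

STEP = 30    # seconds per TOTP window
DIGITS = 6   # code length shown on the device

# Constructed sample: RFC 6238 Appendix B test key "12345678901234567890" in Base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def entry_to_epoch(date_ddmmyy, time_hhmm, utc_offset_hours=0):
    """Convert a DD/MM/YY + HH:MM entry to Unix time.

    Assumption: the entry is used as UTC exactly as typed. utc_offset_hours is a
    hypothetical parameter that models the manual adjustment (local = UTC + offset).
    """
    naive = datetime.strptime(f"{date_ddmmyy} {time_hhmm}", "%d/%m/%y %H:%M")
    utc = naive.replace(tzinfo=timezone.utc) - timedelta(hours=utc_offset_hours)
    return int(utc.timestamp())


def counter(epoch):
    """Time-step counter: number of whole 30-second windows since the Unix epoch."""
    return epoch // STEP


def totp(secret_b32, epoch):
    """RFC 6238 code: HMAC-SHA1 over the 8-byte big-endian counter, then truncation."""
    key = base64.b32decode(secret_b32.upper())
    digest = hmac.new(key, struct.pack(">Q", counter(epoch)), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


if __name__ == "__main__":
    utc_entry = entry_to_epoch("18/03/05", "01:58")      # time typed as UTC
    local_entry = entry_to_epoch("18/03/05", "02:58")    # UTC+1 wall clock, unadjusted
    adjusted = entry_to_epoch("18/03/05", "02:58", utc_offset_hours=1)
    print("UTC entry     :", totp(SECRET, utc_entry))
    print("adjusted local:", totp(SECRET, adjusted))
    print("unadjusted    :", totp(SECRET, local_entry),
          f"({counter(local_entry) - counter(utc_entry)} windows ahead)")
```

A one-hour error is 120 windows, far outside the one- or two-window drift most services tolerate, so an unadjusted entry produces codes the service rejects.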

Step 5 — Subsequent codes in the same session

While the device stays plugged in, you won’t have to re-enter date and time. The next time you enter a 2FA field (in any credential), you jump straight to step 4 with a code computed using the current time.

[Image: Next code in session]

Short-press Center to type the code to the host, or Left to return to the credential’s main view without typing anything.

Quick reference

| Screen | Useful buttons |
| --- | --- |
| 2FA (OK) field | Center → enter TOTP flow |
| 2FA -- field | (no secret loaded, nothing to do) |
| Enter date | Up/Down: digit · Left/Right: cursor · Center: confirm |
| Enter time | Same as date |
| View code | Center: type to host · Left: exit |

Next steps

Import TOTP secrets

How to load the Base32 secret from your service into a credential.

Create your first credential

If you don’t have credentials with TOTP yet, start by creating one.